Home > mailing lists

Re: dblink connection security - Mailing list pgsql-patches

From	Gregory Stark
Subject	Re: dblink connection security
Date	July 9, 2007 02:10:12
Msg-id	87lkdqclx9.fsf@oxford.xeocode.com Whole thread Raw
In response to	Re: dblink connection security (Joe Conway <mail@joeconway.com>)
Responses	Re: dblink connection security (Stephen Frost <sfrost@snowman.net>) Re: dblink connection security (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-patches

Tree view

"Joe Conway" <mail@joeconway.com> writes:

> If there are no objections I'll commit this later today.

My objection is that I think we should still revoke access for non-superuser
by default. The patch makes granting execute reasonable for most users but
nonetheless it shouldn't be the default.

Being able to connect to a postgres server shouldn't mean being able to open
tcp connections *from* that server to arbitrary other host/ports. Consider for
example that it would allow a user to perform a port scan from inside your
network to see what internal services are running.

--
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com

pgsql-patches by date:

From: Alvaro Herrera
Date: 08 July 2007, 23:17:16
Subject: Re: Compile error with MSVC

From: Stephen Frost
Date: 09 July 2007, 02:13:59
Subject: Re: dblink connection security

Re: dblink connection security - Mailing list pgsql-patches

Previous

Next